CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
33 points
by askl
4 hours ago
| 4 comments
| blog.qualys.com
| HN
ptx
1 hour ago
[-]
Better to follow the link to the technical details and just read those: https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-sys...

The article linked in the submission is more verbose but less clear and half of it is an advertisement for their product.

reply
rglover
23 minutes ago
[-]
Semi-related: does anybody know of a reliable API that announces CVEs as they're published?

Edit: for others who may be curious https://www.cve.org/Downloads

reply
charcircuit
3 minutes ago
[-]
When will these distros accept suid was a mistake and disable it. It has lead to critical local privilege escalation exploits so many times.
reply
ifh-hn
1 hour ago
[-]
I wonder if, and this is just speculating not trying to start an arguement, if this sort of thing could have happened in the simpler pre-snap, pre-systemd systems? More to the point is this a cause of using more complicated software?
reply
dogleash
1 hour ago
[-]
Permission and timing gotchas in /tmp predate snap and systemd. It's why things like `mkstemp` exist.

I remember cron jobs that did what systemd-tmpfiles-clean does before it existed. All unix daemons using /tmp run the risk of misusing /tmp. I don't know snap well enough to say anything about it makes it uniquely more susceptible to that.

reply
SoftTalker
44 minutes ago
[-]
The mistake seems to be using a predictable path (/tmp/.snap) in a publicly-writable directory.
reply